Identity Threat Detection and Response (ITDR) In A Zero-Trust World

Cyber-attacks aimed at bypassing identity access management are succeeding, with cyber attackers moving laterally across enterprise networks, undetected.

One of the perimeters of a company that is most frequently attacked is its identity, and the tendency is accelerating. Cyber-attackers go unnoticed laterally across company networks as they attempt to circumvent identity access management (IAM). Cyber-attackers are also stealing organizations’ most precious data, such as the identities of employees and customers and financial information, by getting privileged access credentials.

Cyber attackers and more experienced advanced persistent threat (APT) groups consistently search for new ways to target IAM platforms.

According to the Verizon 2022 Data Breach Investigations Report, stolen credentials make up 61 percent of all data breaches.

Protecting identities starts with a hardened IAM infrastructure

The limitations of IAM and privileged access management (PAM) in multi-cloud infrastructures are also noticeable. Because each public cloud provider uses a unique combination of IAM, PAM, policy management, configuration, and admin and user access controls, there are gaps between cloud platforms that hackers are now exploiting. Cybersecurity companies are bringing much-needed innovation in two areas: closing multi-cloud security gaps and identity management.

Even after defining and starting to implement a zero-trust architecture, an organization may still have trust issues with its infrastructure and with the IAM platforms themselves. To be effective, zero trust must treat every type of identity as a potential threat, not only user identity.

Any zero-trust architecture that aims to harden IAM infrastructure must handle application, data, device, transport/session, and user trust. The isolation of IAM, PAM, and identity governance and administration (IGA) systems leaves holes in identity protection that identity threat detection and response (ITDR) is meant to fill. CISOs and security teams are assessing ITDR to fortify IAM systems first, especially those deployed in multi-cloud infrastructures, given the gaps in multi-cloud designs and the exponential rise in human and machine identities.

Vendors of ITDR believe their platforms can, among other things, facilitate remediation, investigate identity-based attack attempts more effectively, and terminate RDP sessions to guard against the compromise of administrator accounts.


Identity threat detection and mitigation in the age of zero trust

Least-privileged access is a fundamental tenet of zero trust. It is a fundamental design requirement in today’s top IAM, PAM, and IGA systems. Whether the identity is machine-based or human-based, these systems are made to authenticate and approve an identity request for each least-privileged access session. ITDR providers are structuring their systems to strengthen least-privileged access by recognizing entitlement exposures, detecting privilege escalations that could indicate a breach, and identifying credential misuse before a breach can occur.
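The three detection categories named above (entitlement exposures, suspicious privilege escalations, and credential misuse) can be illustrated with a small rule set run over identity events. The block below is an added example written for this article, not code from any ITDR vendor; the events, the privileged-group list, the approved-admin allowlist and the membership snapshot are all constructed for illustration, and the thresholds (ten-minute window, three hosts, thirty days dormant) are assumptions a real deployment would tune.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed assumptions: which groups count as privileged, who may change
# their membership, and the membership snapshot an IGA system would supply.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins"}
APPROVED_ADMINS = {"idadmin"}
PRIVILEGED_MEMBERS = {"Domain Admins": {"idadmin", "svc_backup"}}

# Constructed sample identity events (not from a real environment).
EVENTS = [
    # alice: normal use from a single workstation
    {"ts": "2024-05-01T08:00:00", "type": "logon", "user": "alice", "src": "10.0.1.10", "result": "success"},
    {"ts": "2024-05-01T09:15:00", "type": "logon", "user": "alice", "src": "10.0.1.10", "result": "success"},
    # bob: the same credential succeeds on four hosts within six minutes
    {"ts": "2024-05-01T10:00:00", "type": "logon", "user": "bob", "src": "10.0.2.20", "result": "success"},
    {"ts": "2024-05-01T10:02:00", "type": "logon", "user": "bob", "src": "10.0.2.21", "result": "success"},
    {"ts": "2024-05-01T10:04:00", "type": "logon", "user": "bob", "src": "10.0.2.22", "result": "success"},
    {"ts": "2024-05-01T10:06:00", "type": "logon", "user": "bob", "src": "10.0.2.23", "result": "success"},
    # bob then adds his own account to a privileged group
    {"ts": "2024-05-01T10:07:00", "type": "group_add", "actor": "bob", "target": "bob", "group": "Domain Admins"},
    # a legitimate membership change by the identity administrator
    {"ts": "2024-05-01T11:00:00", "type": "group_add", "actor": "idadmin", "target": "carol", "group": "Domain Admins"},
    {"ts": "2024-05-01T11:05:00", "type": "logon", "user": "idadmin", "src": "10.0.9.1", "result": "success"},
    # svc_backup holds standing admin rights but last logged on in March
    {"ts": "2024-03-20T02:00:00", "type": "logon", "user": "svc_backup", "src": "10.0.5.5", "result": "success"},
]
NOW = datetime.fromisoformat("2024-05-01T12:00:00")


def parse_ts(s):
    return datetime.fromisoformat(s)


def detect_credential_misuse(events, window=timedelta(minutes=10), max_hosts=3):
    """Flag an account whose credential succeeds from more than max_hosts
    distinct source hosts inside a sliding window: one credential fanning
    out across the network is the lateral-movement pattern ITDR looks for."""
    logons = defaultdict(list)
    for e in events:
        if e["type"] == "logon" and e["result"] == "success":
            logons[e["user"]].append((parse_ts(e["ts"]), e["src"]))
    findings = []
    for user, rows in logons.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):
            hosts = {src for ts, src in rows[i:] if ts - start <= window}
            if len(hosts) > max_hosts:
                findings.append({"rule": "credential_misuse", "user": user, "hosts": sorted(hosts)})
                break  # one finding per account is enough for triage
    return findings


def detect_privilege_escalation(events):
    """Flag membership changes to a privileged group performed by anyone outside
    the approved-admin allowlist; a self-add is the classic post-compromise step."""
    findings = []
    for e in events:
        if e["type"] == "group_add" and e["group"] in PRIVILEGED_GROUPS \
                and e["actor"] not in APPROVED_ADMINS:
            findings.append({"rule": "privilege_escalation", "actor": e["actor"],
                             "target": e["target"], "group": e["group"],
                             "self_add": e["actor"] == e["target"]})
    return findings


def detect_entitlement_exposure(events, now, dormant=timedelta(days=30)):
    """Flag standing privileged membership that has not been exercised recently:
    a dormant admin account is an entitlement exposure that can be taken over
    without triggering any change-based alert."""
    last_seen = {}
    for e in events:
        if e["type"] == "logon" and e["result"] == "success":
            ts = parse_ts(e["ts"])
            last_seen[e["user"]] = max(ts, last_seen.get(e["user"], ts))
    findings = []
    for group, members in PRIVILEGED_MEMBERS.items():
        for m in sorted(members):
            seen = last_seen.get(m)
            if seen is None or now - seen > dormant:
                findings.append({"rule": "entitlement_exposure", "user": m, "group": group,
                                 "last_logon": seen.isoformat() if seen else None})
    return findings


def run_itdr(events, now):
    """Run all three rules and return the combined list of findings."""
    return (detect_credential_misuse(events) + detect_privilege_escalation(events)
            + detect_entitlement_exposure(events, now))


if __name__ == "__main__":
    for finding in run_itdr(EVENTS, NOW):
        print(finding)
```

On the constructed events the run yields three findings: credential misuse for bob (four hosts inside the window), a self-add privilege escalation for bob, and a dormant Domain Admins entitlement for svc_backup; alice and idadmin produce nothing. The membership snapshot is deliberately separate from the event stream because entitlement exposure is a state question (who holds standing privilege and is not using it), whereas the other two rules are about activity.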

Knowing that multi-cloud and container-intensive infrastructures are common attack vectors, with cyber attackers aiming to exploit the isolation of IAM, PAM, and IGA systems from one another, it is imperative to prioritize ITDR.

Once cyber attackers have breached an IAM system and obtained the necessary credentials, they have complete access to the enterprise network. Another problem that ITDR and SIEM suppliers are focusing on solving today is how to properly orchestrate identities across various cloud platforms.

From a zero-trust perspective, CISOs see value in ITDR for a number of reasons. First, ITDR can assist in tech stack consolidation and minimize the maintenance expense and burden of older systems. Additional areas of trust, beyond user identities, must be enforced to close the gaps in multi-cloud infrastructure. ITDR has the potential to eliminate any implicit or assumed trust across infrastructure and tech stacks.

CISOs also see the potential for ITDR to help them advance their zero-trust programs without having to develop new applications to address every identity-based attack surface on their networks. Cybercriminals have successfully used malware to compromise an Active Directory (AD) configuration, giving them access to identity management and privileged access information.

The combination of tools and programs that make up ITDR platforms demonstrates the ability to identify and thwart credential theft and the misuse of privileges.


What CISOs are now doing

The CISOs with zero-trust program funding are looking for quick wins from initiatives that produce quantifiable value and results. Examples include endpoint security for virtual workforces and multifactor authentication. Closing the gaps between the distinct IAM and PAM systems of cloud providers is also a top concern, given the large number of workloads they are moving into multi-cloud infrastructure.

Given the rise in identity management threats, CISOs may have the chance to create a new business case for further zero-trust funding this year. Any such business case must take the security of the IAM, PAM, and IGA systems themselves into account, given the rise in threats that target and exploit identity systems.
